96
96
38. <A href="#startupfail">MaraDNS isn't starting up</A><p>
98
98
39. <A href="#releases">You make a lot of releases of MaraDNS; at our
99
ISP/IT department, updating software is non-trivial.</A>
99
ISP/IT department, updating software is non-trivial.</A><p>
101
40. <A href="#nxdomain">I have star records in my zones, and am having
102
problems with NXDOMAINs/IPV6 resolution</A><p>
104
41. <A href="#blankzone">I have a zone with only SOA/NS records, and the
105
zone is not working.</A>
107
<p>42. <A href="#afnic">I am having problems registering my domain with AFNIC
108
(the registrar for .fr domains)</A>
110
<p>43. <A href="#nsdangle">I can't see the full answers for subdomains I have
113
<p>44. <A href="#resolve">MaraDNS 1 has a problem resolving a domain</A>
115
<p>45. <A href="#nxdomain2">MaraDNS 1.2 has issues with NXDOMAINS and
116
case sensitivity.</a>
118
<p>46. <A href="#phishing">Can MaraDNS offer protection from phishing and
121
<p>47. <A href="#star">Does maradns support star (wildcard) records?</A>
104
126
<A NAME=version1>
106
<H2>1. I'm still using version 1.0 of MaraDNS</H2>
108
MaraDNS 1.0 will continue to be supported until December 21, 2007; this
109
means that MaraDNS 1.0 bug fixes will
110
still be applied. After 2007/12/21, MaraDNS 1.0 will no longer be fully
111
supported; the only updates, at that point, would be bugtraq-worthy critical
112
security fixes. Not even these security updates will be applied after
117
People who wish to run MaraDNS 1.0 unsupported after 2010/12/21 need to keep
118
in mind that MaraDNS 1.0 is <i>not</i> Y2038 compliant, and will have
119
problems starting in 2036 or so. MaraDNS 1.2, on the other hand, is fully
124
There is still a FAQ for version 1.0 of MaraDNS available
125
<A href="http://www.maradns.org/faq-1.0.html">here</A>.
129
Updating from 1.0 to 1.2 requires a minimum number of changes; with most
130
configurations, MaraDNS 1.2 is fully compatible with MaraDNS 1.0 data
131
files. Details are in the <A
132
href="http://www.maradns.org/tutorial/1.2/update.html">updating</A> document
137
While csv1 zone files are fully supported in MaraDNS 1.2, there is a Perl
138
script for updating from CSV1 to CSV2 zone files in the <tt>tools/</tt>
139
directory of MaraDNS 1.2.
128
<H2>1. I'm using an older version of MaraDNS</H2>
130
Upgrade to MaraDNS 1.4. MaraDNS 1.4 is compatible with older versions
131
of MaraDNS, with the relatively few changes need to upgrade
132
<A href=http://maradns.org/tutorial/update.html>documented</A>.
136
MaraDNS 1.0 and 1.2 are only supported for critical security updates, and
137
will no longer be supported on December 21, 2010. MaraDNS 1.3 is also only
138
supported for critical security updates, and support will stop on December
139
21, 2012. MaraDNS 1.4 will be fully supported (security and other important
140
bug fixes) for the foreseeable future, alongside MaraDNS 2.0 when and if
179
181
<H2>4. How do I report bugs in MaraDNS?</H2>
181
Please contact me; my email address is at
183
href="http://www.maradns.org/contact.html">http://www.maradns.org/contact.html</A>.
184
Please be sure to include all information requested there, including
185
the operating system you are using, the version of MaraDNS you are using,
186
your <tt>mararc</tt> configuration file, and all relevant zone files.
183
Send an email to the MaraDNS mailing list. Details on how to do
184
this are at <A href=http://www.maradns.org/>http://www.maradns.org/</A>
190
188
<H2>5. Some of the postings to the mailing list do not talk about MaraDNS!</H2>
191
In cases where I post something to the mailing list which does not directly
192
talk about MaraDNS, the subject line will not have [MARA] in it, but will
193
have some form of the word CHATTER in it.
195
This way, people who do not like this can set up mail filters to filter out
196
anything that comes from this list and doesn't have [MARA] in the subject
197
line, or simply unsubscribe from the list and read the list from the
198
archives; if one needs to report a bug, they can subscribe to the list
199
again, post their bug, then unsubscribe after a week.
201
Another option is to set up one's Freshmeat preferences to be notified
202
in email every time I update MaraDNS at Freshmeat. This will give one
203
email notice of any critical bug fixes without needing to be
204
subscribed to the mailing list.
206
The web page <A href="http://www.maradns.org">http://www.maradns.org/</A>
207
has a link to the mailing list archives.
190
Topic drift sometimes happens. It's a part of life.
800
763
If a zone looks like this:
803
example.net. +600 soa ns1.example.net. hostmaster@example.net
804
10 10800 3600 604800 1080 ~
805
example.net. +600 mx 10 mail.example.net. ~
806
example.net. +600 a 10.2.3.5 ~
807
example.net. +600 ns ns1.example.net. ~
808
example.net. +600 ns ns3.example.net. ~
809
mail.example.net. +600 a 10.2.3.7 ~
810
www.example.net. +600 a 10.2.3.11 ~
766
example.net. +600 soa ns1.example.net.
767
hostmaster@example.net 10 10800 3600 604800 1080
768
example.net. +600 mx 10 mail.example.net.
769
example.net. +600 a 10.2.3.5
770
example.net. +600 ns ns1.example.net.
771
example.net. +600 ns ns3.example.net.
772
mail.example.net. +600 a 10.2.3.7
773
www.example.net. +600 a 10.2.3.11
813
776
Then the NS records will be "synth-ip" records.
817
780
The zone should look like this:
820
example.net. +600 soa ns1.example.net. hostmaster@example.net
821
10 10800 3600 604800 1080 ~
822
example.net. +600 ns ns1.example.net. ~
823
example.net. +600 ns ns3.example.net. ~
824
example.net. +600 mx 10 mail.example.net. ~
825
example.net. +600 a 10.2.3.5 ~
826
mail.example.net. +600 a 10.2.3.7 ~
827
www.example.net. +600 a 10.2.3.11 ~
783
example.net. +600 soa ns1.example.net.
784
hostmaster@example.net 10 10800 3600 604800 1080
785
example.net. +600 ns ns1.example.net.
786
example.net. +600 ns ns3.example.net.
787
example.net. +600 mx 10 mail.example.net.
788
example.net. +600 a 10.2.3.5
789
mail.example.net. +600 a 10.2.3.7
790
www.example.net. +600 a 10.2.3.11
830
793
This will remove the "synth-ip" records.
936
899
<A name=makepkg> </A>
937
<h2>Will you make a package for the particular Linux
900
<h2>36. Will you make a package for the particular Linux
938
901
distribution I am using?</h2>
940
903
No. OK, let me qualify that: I won't do it unless you pay
944
There are MaraDNS packages for a number of different distributions of
945
Linux and other operating systems. On the MaraDNS site, there is
946
a MaraDNS package for CentOS/Red Hat Enterprise Linux available. There
947
is also usually an up-to-date Slackware package available. In addition,
948
there is a Debian package in the Debian packages collection, a FreeBSD
949
port of MaraDNS, a Ubuntu package which is derived from the Debian package,
950
and undoubtably other MaraDNS packages floating around the internet.
953
If you wish to have a package for your particular version of Linux (or
954
MacOS X or BSD or...), you can use one of the above packages as a starting
955
point for making your package. For example, other RPM-based distributions
956
can use the CentOS RPM package as a baseline (the .spec file is in the
957
<tt>build/</tt> directory). I can not help you with any problems you
958
may encounter making this package since I do not have your particular
959
version of Linux installed on my computer.
962
As an aside, some of the MaraDNS packages floating around on the internet
963
are out of date (*cough*, Debian, *cough*)<sup><font
964
size=-2>1</font></sup>. Please make sure, that if you get a third-party
965
package from the internet, the package is for either MaraDNS 1.0.41,
966
MaraDNS 1.2.12.08, or MaraDNS 1.3.07.05. Older versions of MaraDNS are
969
Footnote 1: Debian has a somewhat silly policy that, once a package is
970
declared "stable", they will basically not update it unless there is a
971
Bugtraq security advisory for the package in question. This policy is
972
a good policy for programs made by pimply-faced 16-year-olds who don't
973
know how to manage a release cycle nor a bugfix-only branch, but doesn't
974
make sense for MaraDNS. As I write this, the Debian's "stable" version of
975
MaraDNS is 1.2.12.04, which is about a year behind in terms of bugfixes.
976
I, annoyingly enough, get bug reports from Debian users telling me about
977
bugs I have already fixed in the 1.2 branch of MaraDNS.<p>
979
Now, to be fair to Debian, their policies do allow me to backport bugfixes
980
to the 1.2.12.04 release of MaraDNS, and the patches do get reviewed by
981
somone else, which minimizes bugfixes introducing new bugs (Yes, I have
982
done that), but there are not enough volunteers to review all of the
983
bugfixes I have made since 1.2.12.04. So, Debian users get stuck with
984
an old, buggy version of MaraDNS. The policy would work if there were
985
enough volunteers to actually review all of my post-1.2.12.04 bugfixes,
986
but the people who created the policy did not take in to account the
987
logistics of volunteer work.
907
There is, however, a CentOS 5-compatible RPM spec file in the build directory.
989
909
<A name=wincrippled> </A>
990
<h2>I am using the native Windows port of MaraDNS,
910
<h2>37. I am using the native Windows port of MaraDNS,
991
911
and some features are not working.</h2>
993
913
Since Windows 32 does not have some features that *NIX OSes have, the native
1064
975
have known security problems, and need to be patched before put on a public
1065
976
internet server.
978
<A name=nxdomain> </A>
980
<h2>40. I have star records in my zones, and am having problems with
981
NXDOMAINs/IPV6 resolution</h2>
983
This was a bug in MaraDNS 1.2 which has long since been fixed.
985
<A name=blankzone> </A>
987
<h2>41. I have a zone with only SOA/NS records, and the zone is not
990
MaraDNS 1.2 has a bug where it does not correctly process zones without
991
any "normal" records. For example, suppose a zone like this:
994
% SOA localhost. root@localhost. 1 7200 600 1209600 3600
998
This zone will not work until some non-SOA/NS record is added, such
999
as in this zone file:
1002
% SOA localhost. root@localhost. 1 7200 600 1209600 3600
1004
foo.% TXT 'MaraDNS 1.2 needs this record.'
1007
This bug has been fixed in MaraDNS 1.3 and 1.4; since this is not a
1008
security bug (there is a perfectly good workaround), this bug will not
1009
be fixed in MaraDNS 1.2 unless you pay me to fix it.
1013
<h2>42. I am having problems registering my domain with AFNIC (the registrar
1014
for .fr domains)</h2>
1016
Because of an issue with AFNIC (who, annoyingly enough, check the RA bit
1017
when registering a domain), in order to register a domain with AFNIC using
1018
MaraDNS as your DNS server, the following steps need to be followed:
1022
<li> MaraDNS version 1.4 needs to be used; if you're using an
1023
older version of MaraDNS, upgrade.
1025
<li> It is necessary to have recursion disabled. This can be done either by
1026
compiling MaraDNS without recursive support (./configure --authonly ; make),
1027
or by making sure MaraDNS does not have recursion enabled (by not having
1028
<tt>recursive_acl</tt> set in one's mararc file)
1032
If one wishes to both register domains with AFNIC and use MaraDNS as a
1033
recursive DNS server, it is required to have the recursive server be a
1034
separate instance of MaraDNS on a separate IP. It is not possible to have
1035
the same DNS server both send DNS packets in a way that both makes AFNIC
1036
happy and allows recursive queries.
1040
Note also: AFNIC gives warnings about reverse DNS lookups; more
1041
information about this issue can be found in <A href=#rdns>the FAQ entry
1042
about reverse DNS mappings</A> (question 7). In addition, AFNIC
1043
requires DNS-over-TCP to work; information on configuring MaraDNS to
1044
have this can be found <A
1045
href="http://www.maradns.org/tutorial/dnstcp.html">in the DNS-over-TCP
1048
<A name=nsdangle> </A>
1050
<h2>43. I can't see the full answers for subdomains I have delegated</h2>
1052
To have the subdomains be visible to recursive nameservers, add the following
1053
to your mararc file:
1055
<tt>recurse_delegation = 1</tt>
1057
<A name=resolve> </A>
1059
<h2>44. MaraDNS 1 has a problem resolving a domain</h2>
1061
This issue should be fixed when and if I release MaraDNS 2.0.
1065
Here's what happening: I'm rewriting the recursive resolver for MaraDNS.
1066
The old code was always designed to be a placeholder until I wrote a new
1071
The new recursive resolver is called "Deadwood"; right now it's a fully
1072
functional non-recursive DNS cache. More information is here:
1074
<A href=http://maradns.blogspot.com/search/label/Deadwood>http://maradns.blogspot.com/search/label/Deadwood</A>
1076
<A href=http://maradns.org/deadwood>http://maradns.org/deadwood/</A>
1078
Since the old recursive code is a bit difficult to maintain, and since I
1079
in the process of rewriting the recursive code, my rule is that I will only
1080
resolve issues where an Alexa top 500 site can not resolve with MaraDNS'
1081
current recursive resolver at all.
1083
If resolving a given domain with MaraDNS' code is an urgent issue
1084
for you, please consider sponsoring MaraDNS:
1086
<A href=http://www.maradns.org/products.html>http://www.maradns.org/products.html</A>
1088
<A name=nxdomain2> </A>
1089
<h2>45. MaraDNS 1.2 has issues with NXDOMAINS and case sensitivity.</h2>
1091
There is a known bug in MaraDNS 1.2.12 where, should a client ask for
1092
a non-existent record in all caps, MaraDNS 1.2.12 will return a NXDOMAIN
1093
instead of a "not there" reply. This can cause there to be problems
1094
delivering email to the host in question if a mail transport agent asks
1095
for a name in all caps.
1099
If this is an issue for your organization, please upgrade to a newer
1100
version of MaraDNS; MaraDNS 1.4 does not have
1101
this bug. If you want to see this bug fixed in MaraDNS 1.2, please
1102
help sponsor MaraDNS.
1104
<A name=phishing> </A>
1105
<h2>46. Can MaraDNS offer protection from phishing and
1106
malicious sites?</h2>
1112
Here is a webpage that explains how its done:
1117
href=http://www.malwaredomains.com/?p=288>http://www.malwaredomains.com/?p=288</A>
1121
Should that website be down, I have made a local mirror of the
1126
<A href=http://www.maradns.org/createmaradns-pl.txt>createmaradns-pl.txt</A>
1129
<h2>47. Does maradns support star (wildcard) records?</h2>
1135
MaraDNS supports both having stars at the beginning of records and the
1136
end of records. For example, to have <i>anything</i>.example.com. have
1137
the IP 10.1.2.3, add this line to the zone file for example.com:
1141
<tt>*.example.com. A 10.1.2.3</tt>
1145
To have stars at the end of records, <tt>csv2_default_zonefile</tt> has to
1146
be set. The mararc parameter <tt>bind_star_handling</tt> affects how
1147
star records are handled. More information is in the <A
1148
href=http://www.maradns.org/tutorial/man.mararc.html>mararc man page</A>.